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EXAMINER'S ANSWER 



This is in response to the appeal brief filed February 22, 2008 appealing from the Office 
action mailed August 21, 2007. 
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Art Unit: 2145 

(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's decision in 
the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 
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(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 

Claims 1-2, 9, and 11-12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

Lortz (US PGPUB 2003/0018786) in view of Hopmann et al. (US Pat. No. 6,499,031, hereinafter 

"Hopmann"). 

As to claims 1 and 11, Lortz shows a systems administration policy enforcement method, 
and a machine readable storage having stored thereon a program for causing a machine to 
perform such a method (inherent to any computer-implemented system), comprising: 

responsive to a request (comprising a "resource request": see Fig. 4C and [0043]) 
to perform an administrative task (the task comprising "editing": see [0021]) directed to a 
resource (resource device 14) within a computing network (network 16), retrieving an 
administration policy comprising a set of rules for governing said administrative task (the 
policy comprising policy data and the rules comprising access control entries: see [0019] 
and [0044]-[0045]); and 

permitting said administrative task only if a set of rules in said retrieved policy are 
satisfied (see step 310 in Fig. 4C and [0045]). 

Lortz does not show retrieving state data for a resource and applying a policy to retrieved 
state data. 
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Hopmann shows retrieving state data (comprising whether or not a resource is locked) for 
a resource and applying a policy to retrieved state data (the policy being that a resource is only 
available if it does not have a lock token: see lines 7-9 of col. 1 and col. 8, line 65 to col. 9, line 
2). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the invention of Lortz with the evaluation of state data as taught by Hopmann in order 
to prevent administrative task requests from overwriting one another (see Hopmann, col. 2, lines 
14-18). 

As to claims 2 and 12, Lortz in view of Hopmann shows the limitations of claims 1 and 
1 1 as applied above, and Lortz further shows providing a user interface for establishing said set 
of rules for said administration policy (see lines 7-10 of [0031]); and storing said administration 
policy for subsequent retrieval in said retrieving step (see lines 1-5 of [0035]). 

As to claim 9, Lortz shows a system administration policy enforcement system 
comprising: 

an administration policy comprising a set of rules for permitting and disallowing 
administration of resources in a system hosting a plurality of interdependent resources 
(the policy comprising policy data and the rules comprising access control entries: see 
[0019] and [0044]-[0045]); 
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a policy evaluation component configured to determine whether rules in said 
administration policy are satisfied (comprising the component which determines whether 
or not to grant a client access, as described in [0045]); and 

an exit routine coupled to a resource in said network, said exit routine having 
logic for forwarding requests to administer said resource to said policy evaluation 
component (the exit routine comprising the component which receives the resource 
request and initiates the evaluation process: see [0044]). 

Lortz does not show the policy evaluation component configured to retrieve resource 
state data and determine whether said retrieved resource data satisfies rules in said administration 
policy. 

Hopmann shows retrieving resource state data (comprising whether or not a resource is 
locked ) and determining whether said retrieved resource state data satisfies rules in an 
administration policy (the policy being that a resource is only available if it does not have a lock 
token: see lines 7-9 of col. 1 and col. 8, line 65 to col. 9, line 2). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the invention of Lortz with the evaluation of state data as taught by Hopmann in order 
to prevent administrative task requests from overwriting one another (see Hopmann, col. 2, lines 
14-18). 

Claims 3 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lortz 
(US PGPUB 2003/0018786) in view of Hopmann (US Pat. No. 6,499,031), and further in view 
of Bell et al. (US Pat. No. 6,880,005, hereinafter "Bell"). 
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Lortz in view of Hopmann shows the limitations of claim 1 as applied above, and 
additionally shows permitting an administrative task only if information satisfies a set of rules in 
a retrieved policy (see Lortz, [0045]). Lortz in view of Hopmann does not show retrieving 
environmental information, or permitting the administrative task where the information is 
environmental information. 

Bell shows retrieving environmental information for a computing network (the 
information comprising the current weekday, and the retrieving being inherent to evaluating a 
policy which dictates that information can only be accessed during specified days of the week: 
see col. 3, lines 27-30 and col. 2, lines 16-20). Bell further shows permitting an administrative 
task only if the environmental data satisfies a set of rules in a policy (see col. 3, lines 27-30). It 
would have been obvious to one of ordinary skill in the art at the time of the invention to further 
modify the invention of Lortz in view of Hopmann with the environmental data and policy 
evaluation of Bell in order to ensure that administrative tasks are allowed to occur only during 
specified times. 

Claims 4-7 and 14-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Lortz (US PGPUB 2003/0018786) in view of Hopmann (US Pat. No. 6,499,031), and further in 
view of Burns et al. (US PGPUB 2003/0014644, hereinafter "Burns"). 

As to claims 4 and 14, Lortz in view of Hopmann show the limitations of claims 1 and 1 1 
as applied above, and show retrieving state data for said resource as applied above, but do not 
show retrieving state data for other related resources in said computing network. 
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Burns shows retrieving state data for other related resources in a computing network (see 
[0038]). It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the invention of Lortz in view of Hopmann with the state retrieval of Burns in order to 
determine why a policy rule was not being upheld and correct the problem if possible (see Burns, 
[0014]). 

As to claims 5 and 15, Lortz in view of Hopmann show the limitations of claims 1 and 1 1 
as applied above, and further show disallowing said administrative task if said further retrieved 
state data fails to satisfy said set of rules in said retrieved policy (see step 310 of Lurtz), but do 
not show identifying a related resource having a related resource state giving rise to said state 
data for said resource failing to satisfy said set of rules in said retrieved policy; requesting 
remediation of said related resource state so that said related resource state satisfies said set of 
rules in said retrieved policy; and further permitting said administrative task subsequent to a 
remediation of said related resource state. 

Burns shows identifying a related resource having a related resource state giving rise to 
state data for a resource failing to satisfy a set of rules in a retrieved policy (see lines 1-9 of 
[0039] and lines 6-10 of [0044]); and requesting remediation of said related resource state so that 
said related resource state satisfies said set of rules in said retrieved policy (see [0044]-[0045]). It 
would have been obvious to one of ordinary skill in the art at the time of the invention to further 
modify the invention of Lortz in view of Hopmann with the identification and remediation 
system of Burns in order to ensure that retrieved policies are upheld even when the state of the 
network and its components change (see Burns, [001 1]). 
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It is noted that the method of Lortz in view of Hopmann and Burns would permit said 
administrative task subsequent to a remediation of said related resource state, as the system 
would have no reason to disallow the task if the related resource state were remediated. 

As to claims 6 and 16, it is noted that the steps of disallowing, identifying, requesting, 
and further permitting are performed autonomically; that is, without the invention of a human 
operator. 

As to claims 7 and 17, it is noted that the steps of disallowing, identifying, requesting, 
and further permitting as applied above are performed recursively for each related resource 
whose state gives rise to a failure of said resource to satisfy said retrieved policy (see Burns, 
[0045]). 

Claims 8 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lortz 
(US PGPUB 2003/0018786) in view of Hopmann (US Pat. No. 6,499,031), and further in view 
of Hall (US Pat. No. 5,930,479). 

Lortz in view of Hopmann show the limitations of claims 1 and 1 1 as applied above, and 
further show inserting an exit routine in an administrative interface of said resource (the exit 
routine comprising the component which receives the resource request and initiates the 
evaluation process, and the administrative interface being the necessary interface through which 
the client requests the resource: see [0044]), said exit routine having a configuration for 
forwarding requests to administer said resource to a policy evaluation component programmed to 
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perform said steps of retrieving, further retrieving, applying, permitting (the forwarding being 
necessary to initiate the request to the policy manager and evaluate the received policy data: see 
[0044]-[0045]), but do not show that the administrative interface is an administrative console. 

Hall shows an administrative interface comprising an administrative console (see Fig. 1 1 
and lines 39-58 of col. 16). It would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify the invention of Lortz in view of Hopmann with the 
administrative console of Hall in order to provide a familiar interface through which clients may 
make task requests (see lines 53-56 of col. 16). 

Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Lortz (US 
PGPUB 2003/0018786) in view of Hopmann (US Pat. No. 6,499,031), and further in view of 
Krumel (US PGPUB 2002/0083331). 

Lortz in view of Hopmann show the limitations of claim 9 as applied above, but do not 
show a rules engine coupled to said policy evaluation component and configured to retrieve said 
set of rules on behalf of said policy evaluation component. Krumel shows a rules engine 
configured to retrieve rules (see lines 5-8 of [0096]). It would have been obvious to one of 
ordinary skill in the art to modify the invention of Lortz in view of Hopmann with the rules 
engine of Krumel in order to speed development by using pre-existing software products to 
perform the rule retrieval. See also paragraph [0023] of applicant's specification, which explains 
that rules engines are well-known in the art. 



(10) Response to Argument 
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The examiner will respond to Appellant's arguments in the order they were presented. 
Claims 1-2, 9. and 11-12 

Appellant argues, in connection with claim 1, that Lortz fails to show the claimed 
"request to perform an administrative task." Appellant indicates that "[a] clue as to whether or 
not a particular task could be considered an 'administrative task' is whether the entity performing 
the task has administrator privileges or is simply a general user" (pages 6-7 of brief). Appellant 
then contends that the "resource request" taught by Lortz is not performed by an "administrator," 
but Lortz clearly shows that access is granted based on privilege levels which include "owner" 
and "editor" (see [002 1]). The Examiner submits that resource requests which require "owner" or 
"editor" privileges, especially in light of Appellant's indication that the level of permission 
associated with the request is key to proper construction, may reasonably be interpreted as 
"administrative tasks." 

Appellant further argues that "accessing a resource alone (as taught by both Lortz and 
Hopmann" does not disclose the claimed "administrative task." However, the Examiner again 
submits that since the level of permission associated with a task is key to determining whether or 
not it is "administrative," the "resource request" taught by Lortz meets the claim. 

Appellant further argues that Hopmann fails to teach the claimed "state data for said 
resource," because "[a] lock is external to the resource and does not reflect the state of the 
resource." The Examiner disagrees. First, nothing in the claim language requires that the state 
data be "internal" to the resource. Second, the lock reflects the state data of the resource in that it 
indicates the resource is currently being edited. In other words, resources in Hopmann have 
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several states: unlocked, locked and inaccessible to other clients, and locked but viewable to 
other clients (see col. 3, line 60 to col. 4, line 2). 
Claims 3 and 13 

For claims 3 and 13, Appellant incorporates the arguments from claims 1 and 11. The 
examiner disagrees for the reasons given above. 
Claims 4-7 and 14-17 

Appellant argues, in connection with claim 4, that one of ordinary skill in the art would 
not have been motivated to retrieve state data for other related resources in a computing network 
when the administrative task of Lortz "does not appear to be affected by the 'other related 
resources' in the computing network." The Examiner notes that the claim language does not 
require that the retrieval of other related resources have anything to do with the nature of the 
administrative task. 

Burns is directed to a system which seeks out and discovers the states of a multitude of 
resources on a network in order to determine which resource is causing a policy to fail. For 
example, if the policy is that a client should have access to a specific resource, and it does not, 
Burns determines which network element is preventing the client from accessing the resource. 
The examiner submits it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to retrieve the state data for related resources in order to determine why 
a policy rule was not being upheld and correct the problem if possible (see Burns, [0014]). 

Appellant further argues, in connection with claim 5, that the "configurable parameters" 
taught by Burns are not comparable to "a related resource having a related resource state" and 
the locked/unlocked state of Hopmann, and that Burns does not teach "requesting remediation of 
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said related resource state." The Examiner disagrees. In [0044], Burns teaches a network 
component (such as a router or firewall) being in a state which prevents packets from being 
transmitted to a server to which the client should have access. For example, the network 
component could be improperly configured, causing it to drop packets. In the combination 
proposed by the Examiner, the system would fail to satisfy a rule which indicates that a client 
should have administrative access to a resource that is not locked. The network component (such 
as a router or firewall) would be in a state (a state of improper configuration) that is giving rise to 
the failure. The system of Burns requests a remediation of the related resource state (i.e., an 
altering of the configuration parameters) so that the related resource state satisfies said set of 
rules in said retrieved policy (i.e., that the related resource state permits access to the resource). 
The combination would permit said administrative task subsequent to a remediation of said 
related resource state, as the system would have no reason to disallow the task if the related 
resource state were remediated. Thus, the Examiner submits that the combination presented 
above meets the limitations of the claim. 
Claims 8 and 18 

For claims 3 and 13, Appellant incorporates the arguments from claims 1 and 11. The 
examiner disagrees for the reasons given above. 
Claim 10 

For claim 10, Appellant incorporates the arguments from claim 9, which stands or falls 
with claim 1 . The examiner disagrees for the reasons given above. 



(11) Related Proceeding(s) Appendix 
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No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 

Respectfully submitted, 
IC. B.I 

Christopher Biagini 
Examiner, Art Unit 2142 

/Andrew Caldwell/ 

Supervisory Patent Examiner, Art Unit 2142 

Conferees: 
/Andrew Caldwell/ 

Supervisory Patent Examiner, Art Unit 2142 



/Jason D Cardone/ 

Supervisory Patent Examiner, Art Unit 2145 



